From dd49dadba10cfdcd00b6c7564c04b17b81218da6 Mon Sep 17 00:00:00 2001 From: salo Date: Tue, 7 Sep 2004 22:14:09 +0000 Subject: PKGREVISION++ - fix a buffer overflow: "A malicious formatted mp3/2 causes mpg123 to fail header checks, this may allow arbitrary code to be executed with the privilege of the user trying to play the mp3." - patch from Debian but retain code style. --- audio/mpg123/Makefile | 4 ++-- audio/mpg123/distinfo | 3 ++- audio/mpg123/patches/patch-ar | 19 +++++++++++++++++++ 3 files changed, 23 insertions(+), 3 deletions(-) create mode 100644 audio/mpg123/patches/patch-ar (limited to 'audio/mpg123') diff --git a/audio/mpg123/Makefile b/audio/mpg123/Makefile index 2f7a9034d09..e10b723e2d1 100644 --- a/audio/mpg123/Makefile +++ b/audio/mpg123/Makefile @@ -1,7 +1,7 @@ -# $NetBSD: Makefile,v 1.35 2004/02/10 09:32:47 tron Exp $ +# $NetBSD: Makefile,v 1.36 2004/09/07 22:14:09 salo Exp $ PKGNAME= mpg123-${MPG123_VERSION} -PKGREVISION= 3 +PKGREVISION= 4 COMMENT= Command-line player for mpeg layer 1, 2 and 3 audio CONFLICTS+= mpg123-nas-[0-9]* diff --git a/audio/mpg123/distinfo b/audio/mpg123/distinfo index 60ddc5ed31c..d1fea081646 100644 --- a/audio/mpg123/distinfo +++ b/audio/mpg123/distinfo @@ -1,4 +1,4 @@ -$NetBSD: distinfo,v 1.17 2004/03/17 04:49:48 danw Exp $ +$NetBSD: distinfo,v 1.18 2004/09/07 22:14:09 salo Exp $ SHA1 (mpg123/mpg123-0.59r.tar.gz) = c32fe242f4506d218bd19a51a4034da9fdc79493 Size (mpg123/mpg123-0.59r.tar.gz) = 159028 bytes @@ -21,3 +21,4 @@ SHA1 (patch-an) = 08917e1825adcfd870bb2c61ae865339da7c45ef SHA1 (patch-ao) = 40961a43cc3dbebf71deee1c240907896d297304 SHA1 (patch-ap) = b35e7f6739a8b4979412793c7b3f2f7f5a9f15a7 SHA1 (patch-aq) = ea443c1d45d856f360d2ccba3e5e2d058ac65007 +SHA1 (patch-ar) = 6238d6f2ff3f3abf4fd47bc36edcf6696d76fea4 diff --git a/audio/mpg123/patches/patch-ar b/audio/mpg123/patches/patch-ar new file mode 100644 index 00000000000..0e8d87d8d0a --- /dev/null +++ b/audio/mpg123/patches/patch-ar @@ -0,0 +1,19 @@ +$NetBSD: patch-ar,v 1.1 2004/09/07 22:14:09 salo Exp $ + +CVE: CAN-2004-0805 + +--- layer2.c.orig 1999-02-10 13:13:06.000000000 +0100 ++++ layer2.c 2004-09-08 00:00:06.000000000 +0200 +@@ -265,6 +265,12 @@ + fr->jsbound = (fr->mode == MPG_MD_JOINT_STEREO) ? + (fr->mode_ext<<2)+4 : fr->II_sblimit; + ++ if (fr->jsbound > fr->II_sblimit) ++ { ++ fprintf(stderr, "Truncating stereo boundary to sideband limit.\n"); ++ fr->jsbound=fr->II_sblimit; ++ } ++ + if(stereo == 1 || single == 3) + single = 0; + -- cgit v1.2.3